Details
-
Bug
-
Resolution: Obsolete
-
Medium
Description
NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.
I am writing an Atlassian Connect addon and I want to be able to say things like:
- Who are all of the users that have PROJECT_ADMIN in this project?
- Does this user have the permissions that they need?
This seems to be the only permission url that I can find that will do the job and it seems to be completely buggy.
- It returns 401's when I think it means 403's.
- If I don't provide a username filter then, instead of not filtering at all (like the docs suggest), it returns the error message "The username query parameter was not provided".
- The URL does not seem to obey permission checks correctly. When my user had PROJECT_ADMIN then it returned no results, but when I gave that user ADMIN then I started getting 401 errors back.
All in all this rest resource is currently completely unuseable.
And, to make matters worse, when I looked at the JIRA code then I saw that there is not one single test in com.atlassian.jira.rest.v2.issue.UserResourceTest that excercises this rest call.
The bottom line is this:
- This is a critical REST call that must work for Atlassian Connect addons.
- It is completely untested and that needs to be rectified immediately and the tests need to be extensive.
- There are permission and functionality issues this this rest resource that need immediate attention.
Please put this at the top of the backlog or somewhere high. Cheers.
Attachments
Issue Links
- is related to
-
JRASERVER-43075 rest/api/2/user/permission/search is broken in many different ways.
- Closed